It’s little surprise that last week’s RSA Conference was dominated by discussions of NSA surveillance activities. Since news of Edward Snowden’s NSA leaks broke, the public has been hit with revelation after revelation about clandestine surveillance activities that challenge our perceptions of privacy in today’s hyper-connected world, as well as our expectations of, and appetite for, the government snooping required for public safety and national defense.

A survey conducted at the RSA Conference found that attendees were evenly split as to whether or not they felt the NSA had overstepped its bounds. Meanwhile, the controversy even sparked the creation of TrustyCon – a privacy-themed conference – held in a nearby movie theater during RSA.

Politics aside, the Snowden Effect has had very real implications for CISOs and their teams, especially those working for U.S. defense contractors with access to sensitive government information.

Defense Contractors Respond

To learn how defense contractors are adapting to a post-Snowden world, ThreatTrack Security recently conducted a survey of 100 IT/security managers at U.S. defense contractors. 63% of survey respondents hold either secret, top secret or confidential clearances; 44% of respondents said they have access to networks and databases that store confidential information; and one quarter of those polled work for organizations with IT security budgets of $1 million to $10 million, and another 23% for organizations with budgets exceeding $10 million.

Here are some highlights of what we learned:

75% of respondents indicated that the Edward Snowden incident has changed their companies’ cybersecurity practices in one of the following ways:

55% say their employees now receive more cybersecurity awareness training

52% have reviewed or re-evaluated employee data access privileges

47% are on higher alert for anomalous network activity by employees

41% have implemented stricter hiring practices

39% say their own IT administrative rights have been restricted

88% believe “the government provides adequate guidance and support to contractors to ensure sensitive data is secure and protected against cyber-attacks.”

62% reported that they are concerned their organization is vulnerable to Advanced Persistent Threats (APTs), targeted attacks and sophisticated cybercrime and cyber-espionage tactics.

Respondents identified the most difficult aspects of defending their organization against advanced malware as:

While the survey results are encouraging in many areas, demonstrating that defense contractors are becoming more proactive in their cybersecurity policies in the wake of Snowden, they also revealed that, as in the overall enterprise cybersecurity community, areas for improvement still exist.

CISOs, have you re-evaluated your security practices because of the Snowden revelations? Has the NSA controversy impacted your strategy, including internal policies, how you share data with third parties, or even what vendor solutions you deploy? Let us know at CSOblog@threattrack.com.